MAAS settings

Errors or typos? Topics missing? Hard to read? Let us know!

This document explains how to control MAAS settings for MAAS versions 3.4 and above. There are separate settings guides for MAAS 3.3 and below, and the MAAS CLI.

Settings is available near the bottom of the left navigation panel.

General settings

MAAS name

You can assign a unique name to each MAAS instance, along with one or more Unicode emojis. To do so:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Configuration > General.

  3. Use the MAAS name field and Unicode emoji(s) to describe your MAAS instance.

  4. Save the changes.

This will help differentiate and identify your instance easily, for example:

US-west-2 🇺🇸 MAAS-prod
my-maas ❗ no-deploys

MAAS theme main colour

In addition to a unique name and emoji (see above), you can differentiate MAAS instances by changing the theme color. You can do so like this:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Configuration > General.

  3. Choose the main colour theme for your MAAS instance. Options include:

  • Default
  • Bark
  • Sage
  • Olive
  • Viridian
  • Prussian green
  • Blue
  • Purple
  • Magenta
  • Red
  1. Save the changes.

This will determine the overall visual appearance of the interface.

Data analytics

You can enable analytics to shape improvements to the user experience. The analytics used in MAAS include Google Analytics, Usabilla, and Sentry Error Tracking. To do so:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Configuration > General.

  3. Check the box entitled, “Enable analytics to shape improvements to user experience”.

  4. Save the changes.

This data is handled with privacy in mind.

Notifications

You can also enable notifications for new releases, like this:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Configuration > General.

  3. Check the box entitled, “Enable new release notifications”.

  4. Save the changes.

This feature applies to all MAAS users, allowing you to receive dismissible notifications regarding the availability of new releases.

Images

Default Ubuntu release used for commissioning

The default Ubuntu release used for commissioning determines the version of Ubuntu that is installed on newly commissioned machines. By default, the Ubuntu 20.04 LTS “Focal Fossa” release is used. This is the recommended and supported release for commissioning.

If you have synced other release images using Configuration > Images, they will appear in the drop-down entitled, “Default Ubuntu release used for commissioning”. You can access this drop-down and change the default commissioning release like this:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Configuration > Commissioning.

  3. Select your desired default commissioning release from the “Default Ubuntu release used for commissioning” drop-down.

  4. Save the changes.

Unless you have synced images other than the default Ubuntu 20.04, no other choices will be available in this drop-down.

Default minimum kernel version

The default minimum kernel version is the lowest kernel version allowed on all new and commissioned nodes. To set this kernel:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Configuration > Commissioning.

  3. Select your desired kernel from the “Default minimum kernel version” drop-down.

  4. Save the changes.

Currently, there is no minimum kernel version set. This means that any kernel version can be used on the machines.

Please note that while the absence of a minimum kernel version provides flexibility, it’s important to ensure compatibility with your specific system requirements.

Default operating system used for deployment

The default operating system used for deployment determines the OS that will be deployed on machines in the absence of any configuration changes.

Only the OS images you have synced using Configuration > Images will appear in the drop-down entitled, “Default operating system used for deployment”. You can access this drop-down and change the default OS like this:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Configuration > Deploy.

  3. Select your desired default OS from the “Default OS release used for deployment” drop-down.

  4. Save the changes.

Unless you have synced custom images, only “Ubuntu” will be available in this drop-down.

Default OS release used for deployment

The default OS release used for deployment specifies the release of your chosen OS that is automatically installed on machines.

Only OS releases you have synced using Configuration > Images will appear in the drop-down entitled, “Default operating system used for deployment”. In order to access a release from a given OS, you must first select that OS as described above.

Once you have done so, you can select the default deployment OS release as follows:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Configuration > Deploy.

  3. Select your desired default OS from the “Default operating system used for deployment” drop-down.

  4. Save the changes.

Default hardware sync interval (minutes)

The default hardware sync interval refers to the frequency at which hardware information is synchronized between the MAAS server and the deployed machines. To change it:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Configuration > Deploy.

  3. Set your desired sync interval in the field entitled, “Default hardware sync interval (minutes)”.

  4. Save the changes.

By default, the hardware sync interval is set to 15 minutes. This means that every 15 minutes, the MAAS server will update and synchronize the hardware information of the deployed machines.

You can adjust this interval according to your specific needs and requirements, but it’s recommended to maintain a reasonable interval for efficient synchronization.

Configuration > Kernel parameters

Global kernel parameters are settings that are consistently passed to the kernel during the boot process for all machines in your MAAS instance. These parameters can be used to configure specific behaviours or enable certain features in the kernel.

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Configuration > Kernel parameters.

  3. Set your kernel parameters in the field entitled, “Global boot parameters always passed to the kernel”.

  4. Save the changes.

Ensure that the boot parameters you specify are compatible with the kernel and any specific requirements of your system.

Please note that changes to the global boot parameters will affect all machines in your MAAS instance during the boot process. Make sure to review and test the parameters thoroughly before applying them to your production environment.

Security

Security protocols

By default, TLS (Transport Layer Security) is disabled in MAAS. However, if you want to enable TLS to ensure secure communication, you can follow these instructions:

  1. Open the command-line interface (CLI) on the machine running MAAS.

  2. Run the following command as a superuser (sudo):

sudo maas config-tls enable $key $cert --port YYYY

This command will enable TLS for the MAAS instance. More information about MAAS native TLS can be found here

Secret storage

To integrate MAAS with Vault, use the following procedure.

Obtain the necessary information from Vault

Get the $wrapped_token and $role_id from Vault. Refer to the documentation provided by Hashicorp Vault for more details on retrieving these values.

Configure Vault on each region controller

  1. SSH into each region controller.

  2. Run the following command, replacing the variables with the appropriate values:

sudo maas config-vault configure $url $approle_id $wrapped_token $secrets_path --secrets-mount $secret_mount

This command configures Vault on the region controller using the provided parameters.

Migrate secrets on one of the region controllers

After configuring Vault on all region controllers, select one of the region controllers. Run the following command on that controller to migrate the secrets:

sudo maas config-vault migrate

For more information on Vault integration with MAAS, refer to the additional documentation provided.

Session timeout

MAAS allows you to configure the session timeout, which determines the length of time a user session can remain active before requiring re-authentication. Follow these instructions to manage the session timeout:

  1. Determine the desired session timeout duration:
  • The maximum session length is 14 days or 2 weeks.
  • You can specify the duration in weeks, days, hours, and/or minutes.
  • Access the MAAS web interface and log in with your credentials.
  1. Navigate to Settings > Security > Session timeout.

  2. Enter the desired duration for the session timeout. Use the appropriate format options (e.g., “2 weeks,” “14 days,” “336 hours,” or “20,160 minutes”).

  3. Be sure to save the changes.

Please note that after changing the session expiration time, MAAS will automatically log out all users. The new session timeout will apply for subsequent logins.

IPMI settings

MAAS provides options to configure the IPMI (Intelligent Platform Management Interface) settings for your systems.

MAAS-generated IPMI username

The MAAS-generated IPMI username is set to “maas” by default. This username is used for IPMI authentication.

K_g BMC key

The K_g BMC key is used to encrypt all communication between IPMI clients and the BMC (Baseboard Management Controller). If you wish to enable encryption, specify the key in this field. Leave the field blank for no encryption.

MAAS-generated IPMI user privilege level

MAAS provides three user privilege levels for the MAAS-generated IPMI user:

  • Admin: This privilege level grants full access to all IPMI features and controls.
  • Operator: This privilege level allows access to most IPMI features but restricts certain critical functions.
  • User: This privilege level provides limited access to IPMI features.

Choose the appropriate privilege level for the MAAS-generated IPMI user based on your requirements.

Configuring IPMI security

To configure these settings:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Security > IPMI settings.

  3. Locate the fields for the MAAS-generated IPMI username, K_g BMC key, and IPMI user privilege level.

  4. Enter the desired values for each setting, based on the discussion above.

  5. Save the changes.

Please note that these settings are specific to the MAAS-generated IPMI user and apply to the IPMI communication for your systems.

User management

MAAS provides basic functionality to manage users, as described in this section.

Search

The search feature allows you to find specific users in the MAAS system based on different criteria. You can search by username, real name, email, machines, type, last seen, role, or MAAS keys.

The search results will display a table with relevant information for each user, including their username, real name, email, number of machines, user type, last seen date and time, role, and MAAS keys. Additionally, actions such as editing or deleting users can be performed using the respective buttons under the “Actions” column.

Add User

To add a new user to the MAAS system:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Users.

  3. Click on the “Add user” button. This will open a new user creation form.

  4. Fill in the required information for the new user:

  • Username: Enter the desired username for the new user.
  • Full name: Provide the real name of the user.
  • Email address: Enter the email address associated with the user.
  • Password: Enter a password for the new user and confirm it.
  1. Save your changes.

Editing a user entry

To edit an existing user:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Users.

  3. If you have a large number of users, use the Search function described above to filter the list.

  4. Click on the pencil icon at the end of a given user’s row. This will open an editing creation form.

  5. Fill in the required information for the new user:

  • Username: Update the username for this user.
  • Full name: Provide or update the real name of the user.
  • Email address: Update the email address associated with the user.
  • Change password: Expand the box and update the user password; you will need to provide the current password for this change to be successful.
  1. Save your work.

Per-OS customizations

Use proprietary drivers

To enable the installation of proprietary drivers, follow these instructions:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Images > Ubuntu.

  3. Locate the switch or toggle button labelled “Enable the Installation of Proprietary Drivers” under Images > Ubuntu on the settings page.

  4. Move the switch to the “On” or “Enabled” position to allow the installation of proprietary drivers.

  5. Save your changes.

Enabling this option will allow the system to install proprietary drivers, such as HPVSA (High-Performance Virtual Storage Architecture), when necessary or desired.

Please note that the availability and functionality of proprietary drivers may vary depending on your specific system and hardware configuration. It may also be necessary for you to load the needed drivers onto your system.

Windows KMS host

The Windows KMS (Key Management Service) activation host is used for activating Windows deployments through KMS activation. Follow these instructions to configure the KMS activation host:

  1. Obtain the FQDN (Fully Qualified Domain Name) or IP address of the host that provides the KMS Windows activation service. You may need to consult with your network or system administrator to obtain this information.

  2. Navigate to Settings > Images > Windows.

  3. Under Windows KMS activation host, enter the FQDN or IP address of the KMS activation host in the provided field.

  4. Save the changes to apply the configuration.

Please note that this configuration is only necessary for Windows deployments that use KMS activation. If you are not using KMS activation or have already configured a different activation method, you can leave this field blank.

VMware vCenter server configuration

To configure the VMware vCenter server settings in MAAS, follow these steps:

  1. Obtain the necessary information related to your VMware vCenter server:
  • VMware vCenter server FQDN or IP address: This is the Fully Qualified Domain Name (FQDN) or IP address of your VMware vCenter server, which will be passed to the deployed VMware ESXi host.
  • VMware vCenter username: This is the username for your VMware vCenter server, which will be passed to the deployed VMware ESXi host.
  • VMware vCenter password: This is the password for your VMware vCenter server, which will be passed to the deployed VMware ESXi host.
  • VMware vCenter datacenter: This is the datacenter in your VMware vCenter environment, which will be passed to the deployed VMware ESXi host.
  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Images > VMware.

  3. Locate the configuration options for the above parameters, and enter the respective information into the provided fields.

  4. Save the changes to apply the configuration.

Please ensure that the provided information is accurate and corresponds to your VMware vCenter server environment. This configuration will be passed to the deployed VMware ESXi hosts for proper integration.

License keys

Settings > License keys gives you the ability to manage your product licenses in a tabular format:

  • Add license key button: This button can be used to add a new license key.

  • Sortable columns: Note that some of the column headings are clickable, allowing you to sort those columns. These are “three click” sorts: ascending, descending, and none.

  • Actions column: These action buttons allow you to delete or edit the information in that row. Note that the delete and/or edit buttons may be greyed out (unavailable) based on your role.

Note that if the table becomes longer than one screen will accommodate, paging buttons will appear at the bottom of the screen. A search bar is also provided to help you locate a particular license key in a longer list.

Storage

Default storage layout

The default storage layout determines the layout that is applied to a node when it is commissioned. Follow these instructions to configure the default storage layout:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Storage.

  3. Locate the option labelled “Default Storage Layout” or similar.

  4. Choose the desired storage layout from the available options. For example, you may select the “Flat layout” as the default storage layout.

  5. Save the changes to apply the configuration.

Please note that the selected default storage layout will be applied to nodes during the commissioning process.

Erasing disks prior to releasing

The option “Erase nodes’ disks prior to releasing” forces users to always erase disks when releasing nodes. Follow these instructions to configure this option:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Storage.

  3. Locate the option labelled “Erase nodes’ disks prior to releasing” or similar.

  4. Enable or select this option to ensure that disks are always erased before releasing nodes.

  5. Save the changes to apply the configuration.

Please note that enabling this option ensures that disks are properly wiped before releasing nodes.

Disk erasure options

MAAS provides different disk erasure options depending on the capabilities of the devices. Follow these instructions to configure the disk erasure options:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Storage.

  3. Locate the options labelled “Use secure erase by default when erasing disks” and “Use quick erase by default when erasing disks.”

  4. Choose the desired option based on your requirements:

  • “Use secure erase by default when erasing disks”: This option will be used on devices that support secure erase. Other devices will fall back to full wipe or quick erase depending on the selected options.
  • “Use quick erase by default when erasing disks”: This option performs a non-secure erase by wiping only the beginning and end of each disk.
    Save the changes to apply the configuration.

Please note that the disk erasure options define the default behaviour when erasing disks in the MAAS environment.

Network settings

HTTP proxy configuration

MAAS allows you to configure an HTTP proxy for image downloads and for provisioned machines to access APT and YUM packages. Follow these instructions to configure the HTTP proxy:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Network > Proxy.

  3. Choose the appropriate option based on your requirements:

  • Don’t use a proxy: Select this option if you do not want to use an HTTP proxy for MAAS image downloads or for APT/YUM package access by provisioned machines.

  • MAAS built-in: Select this option if you want to use the built-in HTTP proxy provided by MAAS. This is the default option and requires no additional configuration.

  • External: Enter the URL of the external proxy that MAAS will use to download images, and the machines will use to download APT packages for provisioned machines. Be sure to provide the complete URL of the external proxy server, including the protocol (e.g., http:// or https://), the hostname or IP address, and the port number.

  • Peer: Enter the URL of an external proxy that will serve as an upstream cache peer for the MAAS built-in proxy. Machines provisioned by MAAS will be configured to use the MAAS built-in proxy to download APT packages, and this external proxy will be used as a peer for caching. By configuring an upstream cache peer, MAAS can leverage caching functionality to improve APT package download performance for provisioned machines. Be sure to provide the complete URL of the external proxy server, including the protocol (e.g., http:// or https://), the hostname or IP address, and the port number.

  1. Save the changes to apply the configuration.

Please note that configuring an HTTP proxy is optional and depends on your network setup and requirements.

Upstream DNS configuration

MAAS allows you to configure the upstream DNS settings for resolving domains not managed by MAAS. Follow these instructions to configure the upstream DNS:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Network > DNS.

  3. Locate the option labelled “Upstream DNS” or similar.

  4. Enter the IP addresses of the upstream DNS servers. Separate multiple IP addresses with a space. For example, you can enter 8.8.8.8 to use Google’s public DNS server.

  5. Save the changes to apply the configuration.

Please note that the upstream DNS configuration is only used when MAAS is running its own DNS server. The provided IP addresses will be used as the value of ‘forwarders’ in the DNS server configuration.

DNS delegation

MAAS allows for efficient DNS management, including the delegation of DNS zones. Delegation is typically used to direct traffic from a parent domain to a child domain, managed by different DNS servers. Below is a guide to configure DNS delegation in MAAS.

Delegate a zone to MAAS

  1. External DNS Configuration: In your external DNS server, create NS records for the subdomain that point to the MAAS region controller. For example, for the subdomain dc1.mycompany.com, create an NS record in your global DNS that delegates to MAAS.

  2. MAAS DNS Configuration: Within MAAS, create an authoritative domain for dc1.mycompany.com. MAAS will then handle DNS requests for this subdomain.

Delegate a zone from MAAS to another DNS server

  1. Create the Domain: In MAAS, create a domain you wish to delegate, say dc1.mycompany.com, but set it as non-authoritative.

  2. Configure the NS Records: In the MAAS domain, create NS records pointing to the DNS servers that will be authoritative for the subdomain.

  3. A/AAAA Records: Ensure you have A or AAAA records for each DNS server to which you’re delegating within the MAAS domain.

Remember that proper DNS delegation requires pointing NS records to the hostname of the authoritative DNS servers (A/AAAA records), not directly to IP addresses – although using IP addresses can work in most cases.

Enable DNSSEC validation of upstream zones

MAAS provides the option to enable DNSSEC (Domain Name System Security Extensions) validation for upstream zones. Follow these instructions to configure DNSSEC validation:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Network > DNS.

  3. Locate the option labelled “Enable DNSSEC validation of upstream zones” or similar.

  4. Choose the desired option based on your requirements:

  • Automatic (use default root key): Select this option to enable DNSSEC validation using the default root key. This is the recommended option as it simplifies the configuration and maintenance of DNSSEC.

  • Yes (manually configured root key): Select this option if you have a specific root key that you want to use for DNSSEC validation. This allows you to manually configure and manage the root key used for validation.

  • No (Disable DNSSEC; useful when upstream DNS is misconfigured): Select this option to disable DNSSEC validation. This option is useful when the upstream DNS is misconfigured or does not support DNSSEC properly.Automatic (use default root key): Select this option to enable DNSSEC validation using the default root key.

  1. Save the changes to apply the configuration.

Please note that DNSSEC validation is only used when MAAS is running its own DNS server. The selected option will be used as the value of ‘dnssec_validation’ in the DNS server configuration.

List of external networks allowed to use MAAS for DNS resolution

MAAS maintains a list of networks that are allowed to use MAAS for DNS resolution. You can add extra networks to this trusted ACL list, specifically networks that were not previously known. Follow these instructions to add extra networks:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Network > DNS.

  3. Locate the option labelled “List of external networks (not previously known) that will be allowed to use MAAS for DNS resolution” or similar.

  4. Enter the IP addresses or ACL (Access Control List) names of the extra networks that should be allowed to use MAAS for DNS resolution. Separate multiple entries with a space.

  5. Save the changes to apply the configuration.

Please note that this option allows you to add networks that were not previously known to the trusted ACL list maintained by MAAS.

NTP server configuration

MAAS allows you to configure NTP (Network Time Protocol) servers to be used as time references for MAAS itself, the machines deployed by MAAS, and devices utilizing MAAS’s DHCP services. Follow these instructions to configure the NTP servers:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Network > NTP.

  3. Locate the option labelled “Addresses of NTP servers” or similar.

  4. Enter the addresses of the NTP servers. Specify the NTP servers as IP addresses or hostnames delimited by commas and/or spaces. For example, you can enter ntp.ubuntu.com to use the default Ubuntu NTP server or provide specific IP addresses of NTP servers.

  5. Save the changes to apply the configuration.

Please note that the configured NTP servers will be used as time references for MAAS itself, the machines deployed by MAAS, and devices utilizing MAAS’s DHCP services.

Use external NTP servers only

MAAS provides the option to configure the use of external NTP servers exclusively. Follow these instructions to enable this option:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Network > NTP.

  3. Locate the option labelled “Use external NTP servers only” or similar.

  4. Enable or select this option to configure all region controller hosts, rack controller hosts, and subsequently deployed machines to refer directly to the configured external NTP servers.

  5. Save the changes to apply the configuration.

Please note that enabling this option ensures that all relevant MAAS components, including region controller hosts, rack controller hosts, and deployed machines, will refer directly to the configured external NTP servers for time synchronization. Disabling this option will result in a different hierarchy of NTP server references.

Remote syslog server configuration

MAAS allows you to configure a remote syslog server to which log messages from enlisted, commissioned, tested, and deployed machines will be sent. Follow these instructions to configure the remote syslog server:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Network > Syslog.

  3. Locate the option labelled “Remote syslog server to forward machine logs” or similar.

  4. Enter the address of the remote syslog server. This can be an IP address or a hostname.

  5. Save the changes to apply the configuration.

Please note that once configured, MAAS will automatically set the remote syslog server on enlisted, commissioned, tested, and deployed machines to forward all log messages to the specified server.

If you wish to restore the default behaviour of forwarding syslog to MAAS instead of a remote server, simply clear the configured value in this field. MAAS will revert to its default behaviour.

Network discovery configuration

MAAS allows you to configure network discovery, which enables MAAS to observe networks attached to rack controllers using passive techniques such as listening to ARP requests and mDNS advertisements. Follow these instructions to configure network discovery:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Network > Network discovery.

  3. Locate the option labelled “Network discovery” or similar.

  4. Enable the option to activate network discovery in MAAS.

  5. Save the changes to apply the configuration.

Please note that when network discovery is enabled, MAAS will passively observe networks attached to rack controllers to gather information.

Active subnet mapping interval

MAAS provides the option to enable active subnet mapping, which involves scanning subnets at regular intervals to ensure accurate and complete discovery information. Follow these instructions to configure the active subnet mapping interval:

  1. Access the MAAS web interface and log in with your credentials.

  2. Navigate to Settings > Network > Network discovery.

  3. Locate the option labelled “Active subnet mapping interval” or similar.

  4. Choose the desired interval for the active subnet mapping. For example, you can select “Every 3 hours” to perform subnet mapping every three hours.

Please note that enabling active subnet mapping helps ensure that the discovery information gathered by MAAS is up-to-date and accurate.


Last updated 18 days ago.